This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.

This Website Uses CookiesBy closing this message or continuing to use our site, you agree to our cookie policy. Learn MoreThis website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.

Kevin Coleman is a dynamic speaker, author, advisor, and visionary that provides riveting insight on strategy, innovation, and the high velocity technology. He was Chief Strategist at Internet icon Netscape and at another startup that grew to be BusinessWeek’s 44th fastest growing company. He has spoken at some of the world’s most prestigious organizations, including the United Nations, the U.S. Congress, at U.S. Strategic Command, and before multiple Fortune 500 organizations and briefed executives in 42 countries around the world.

What About Tomorrow?

Everyone wants to know what should keep CSOs and CISOs up at night as they begin to plan for the future. But there isn't just one. Instead, it's a combination of issues that will create a complex, multi-faceted problem set that has no clear-cut solution.

To get a picture of what is likely to await all of us, let’s look at the numbers! The cyberattack surface area will dramatically increase over the next few years. A 2015 report by management consultants at EY projected that by 2020, the number of connected devices would exceed 50 billion. Think about the dramatic growth in the Internet of Things segment – connected vehicles, wearable computing, IoT sensors embedded systems, and so much more. We must not forget that as it stands now, many of those IoT devices are not likely to have cybersecurity protection built-in, or much less added on.

Now take into consideration that Cybersecurity Ventures projected the global cybersecurity global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the next five years. And factor in another number: the cybercrime estimate by Cybersecurity Ventures that is expected to hit $6 trillion annually by 2021.

Ultimately, you have to conclude we will spend $1 trillion and end up with annual cyber losses of $6 trillion. Some might say we are fighting a losing battle and question if it is worth it. But how big would it be if we did not spend the trillion on our efforts to protect and defend? That is the threatscape in which CSOs and CISOs will find themselves. With that as the context, what are likely to be some of the troubling aspects that CSOs or CISOs will face in the next few years? Here are my top five picks:

1. The public disclosure that a successful cyberattack resulted in the death or deaths of individuals.

2. Civil or criminal action being brought against a CSO, CISO, or organization due to the death or deaths of individuals resulting from a cyberattack.

3. Legal action against a business that was an unwilling participant in a disruptive cyberattack against critical infrastructure that resulted in the disruption of service to their customers.

4. Product liability issues arising from system vulnerabilities that were exploited and resulted in a successful cyberattack that resulted in monetary losses.

5. Continued growth in the frequency and severity of cyberattacks will result in some country instituting a cyber draft to defend its digital boarders.

With each and every day that cyber risks increase in the frequency that they occur, the complexity of the risks and the severity of their implications also increase. It is deeply concerning that one or more of the five issues above will further dissuade individuals perusing a career in cyber or information security, making the shortage even more severe. After all, current projects suggest that based on current analysis there will be a shortage of approximately 1.5 million cybersecurity practitioners by 2019. As a CSO or CISO, how do you plan on protecting the devices, computers and systems when there are not properly skilled resources for you to hire?

How do you plan to protect your organization's computer assets, intellectual property and data when your budget will clearly not grow anywhere near as fast at the cost of cybercrime?

The best advice is to get company executives knowledgeable and aware of these and other strategic challenges. Make this someone else’s problem as well as yours. Create a realistic budget based on a recent and accurate cyber risk assessment. It is the CSO's and CISO's professional duty to put realistic estimates that will properly protect the information assets of the organization and comply with regulations in their plans, even if they are not likely to be approved.

Blog Roll

Kevin Coleman is a dynamic speaker, author, advisor, and visionary that provides riveting insight on strategy, innovation, and the high velocity technology. He was Chief Strategist at Internet icon Netscape and at another startup that grew to be BusinessWeek’s 44th fastest growing company. He has spoken at some of the world’s most prestigious organizations, including the United Nations, the U.S. Congress, at U.S. Strategic Command, and before multiple Fortune 500 organizations and briefed executives in 42 countries around the world.

Restricted Content

You must have JavaScript enabled to enjoy a limited number of articles over the next 30 days.

Events

Chad Schermerhorn, Security Expert at Brivo, will discuss how your physical security stack should be an operational asset. It should be based on the strongest, and most-up-to-date smart security that can protect you today and adapt for unexpected threats that may come.

DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Products

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

This month in Security magazine, we highlight COVID-19 and infosec's response. How has the sudden shift to remote work changed the roles of CISOs and security teams? Also this month, we profile Justin Dolly, CSO at Sauce Labs, his view on infosec and building security teams. In addition, security experts discuss continuous monitoring, radicalism, quantum technology, endpoint security and more.